ClawHub

Error Log Analyzer

Security checks across malware telemetry and agentic risk

Overview

This log analyzer mostly matches its purpose, but it can send sensitive logs to cloud AI providers while the docs say processing is local.

Install only if you are comfortable with submitted logs potentially being sent to configured AI providers. Redact secrets, tokens, customer data, internal hostnames, and proprietary stack traces before use, and avoid the feedback/training export features unless you have reviewed what they retain.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares no permissions while its documented capabilities imply access to environment variables, filesystem paths, shell commands, and external networks. This is dangerous because users and hosting platforms cannot make an informed trust decision, and the skill processes sensitive log data that may include secrets, tokens, stack traces, and infrastructure details.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented purpose is a simple log analyzer, but the referenced behavior includes persistent feedback collection, historical metric tracking, training-data export, shell-driven benchmarks, and a web interface. This mismatch is risky because it expands data collection and attack surface beyond user expectations, especially when logs may contain sensitive application and user data.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The README states that logs are never stored on external servers, yet the same document instructs users to configure Anthropic/OpenAI API keys for AI-based analysis. Unless the tool guarantees all AI processing is strictly local or fully redacts content before transmission, log contents may be sent to third-party providers, making the claim misleading and creating a privacy/security risk for sensitive logs.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The documentation states that logs are never stored on external servers while elsewhere requiring third-party AI APIs for AI features. If log content is sent to Anthropic, OpenAI, or another compatible provider, that claim is misleading and may cause users to expose confidential operational data under false privacy assumptions.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The analyzer reads provider API keys from environment variables and uses them to enable outbound LLM calls. For a log-analysis skill, that capability is plausible, but it expands the trust boundary because error messages and stack traces may be transmitted to third parties whenever a key is present. The issue is not credential theft in this file, but undeclared credential access and external-network capability that users may not expect from a local analyzer.

Context-Inappropriate Capability

High
Confidence
91% confidence
Finding
The code packages raw error messages, stack traces, AI outputs, and user corrections into training/fine-tuning exports. Those fields commonly contain secrets, internal paths, tokens, customer data, and proprietary code context, so exporting them for model training materially increases privacy and data-leakage risk beyond normal log analysis.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The quick start encourages users to analyze raw error logs with AI/API-backed tooling but does not warn that logs commonly contain sensitive data such as tokens, credentials, session identifiers, email addresses, internal hostnames, stack traces, and personal data. In this context, users may send production logs to external model providers without realizing the privacy and compliance implications, creating a realistic risk of unintended data disclosure.

Missing User Warnings

High
Confidence
99% confidence
Finding
The FAQ says sensitive-data handling is safe because processing happens locally and logs are never stored externally, but the README also advertises external AI API usage. This omission can cause users to submit secrets, tokens, stack traces, or customer data to third-party model providers without informed consent, which is a meaningful security and compliance issue.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to configure external AI API keys but does not clearly warn that uploaded or pasted log contents may be sent to those providers during analysis. Since logs often contain credentials, internal paths, PII, and tokens, the missing disclosure creates material privacy and compliance risk.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The real-time monitoring feature implies continuous access to log files and potential ongoing transmission of newly collected log data, but this is not clearly disclosed. In continuous monitoring scenarios, the volume and sensitivity of exposed data can be much greater than one-time analysis.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The analyzer sends error messages and stack traces to an AI backend by default, but the CLI provides no clear warning that potentially sensitive log contents may leave the local environment. Logs often contain secrets, internal paths, tokens, PII, or proprietary code details, so silent transmission can cause confidentiality and compliance issues.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The code sends raw error messages and up to 2000 characters of stack trace to Anthropic or OpenAI. Logs and traces commonly contain secrets, tokens, file paths, internal hostnames, customer data, and source fragments, so this creates a real data-exfiltration/privacy risk if used on production errors. The skill context makes this more dangerous because the core input is operational telemetry, which is often sensitive by nature.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The code implicitly reads API credentials from environment variables without any visible notice or consent flow. While merely reading env vars is common and not inherently dangerous, undisclosed credential access increases surprise and can enable remote data flows that the operator did not intend. In this file, the main risk is transparency and consent, not direct secret leakage.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
User-supplied error messages, stack traces, and corrections are appended to disk in plaintext JSONL without any warning, consent flow, minimization, or protection. Logs and stack traces often contain credentials, API keys, personal data, hostnames, file paths, and internal implementation details, so silent persistence creates meaningful confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The training export writes aggregated feedback-derived content to a JSON file, again without user-facing disclosure or safeguards. This amplifies exposure because it creates a second, easier-to-share dataset specifically intended for downstream model training, increasing the chance of unauthorized reuse or leakage of sensitive operational data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The page transmits raw pasted or uploaded logs to the backend AI analysis endpoint, but the UI does not warn users that logs often contain secrets, personal data, internal hostnames, stack traces, tokens, or API keys. In the context of an error-log analyzer, this is more dangerous than usual because the core workflow encourages bulk submission of diagnostic data that is frequently sensitive, increasing the likelihood of unintentional data disclosure to the service or downstream AI providers.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal